Network Security Specialist
Marafiq
Total years of experience :17 years, 3 Months
PROJECTS:
1) SCADA integration with IT Network Infrastructure.
2) Deployment of Advance Threat Protect (Sandboxing and Content Analysis System).
3) Replacement of Data Centre Firewall (Replacement of Cisco ASA 5580 to Cisco ASA 5585 with FirePower Module)
4) Deployment of CISCO ISE 2.3 in LIVE Environment
Roles and Responsibilities:
• Maintaining and operating Network & System Security Appliances (Physical and virtual appliances).
• Maintaining IT Security and OT Security (In terms of Industrial Control Systems (ICS) - SCADA and DCS).
• Network Security Appliances include:
- Multi-platform Firewalls (Such as Cisco ASA Firewalls, Juniper SRX Firewalls and Paloalto Firewalls),
- IPS (intrusion Prevention Systems), FirePower and McAfee IPS
- BlueCoat Proxy (Internet Secured Gateway),
- Advance Threat Protection (Malware Analysis Appliance),
- Content Analysis System (Static Code Analysis, File Reputation, AV),
- PulseSecure SSL-VPN with Multifactor Authentication,
- Cisco ISE 2.3 (Identity Services Engine or Network Admission Control).
• System Security Appliances include:
- McAfee End-Point Protection,
- Symantec Mail Gateways,
• Maintenance and Operation includes Software Upgrade, Configuration Backup, Health Checks, Troubleshooting, Configuration modification etc.
• Creating firewall policies between zones to allow required traffic with specific services and ports as per approved change requests.
• Configuring OSPF Routing Protocols for advertising routes to Core Networks and WAN Networks.
• Upgrading firewalls with latest recommended software version to avoid recent vulnerabilities.
• Ensuring IPS Signature set updates on regular basis to protect against latest threats.
• Excluding some known and safe communications from the IPS inspection to minimize the loads on the CPU or hardware resources.
• Filtering Web Traffic from the bluecoat based on categories in alignment with organizational business needs.
• Manually blocking malicious websites (which is not yet categorized by global intelligence) in real-time as and when reported by SOC (Security Operation Centre).
• Creating VPN access for external and internal users as per business need or project requirements.
• Securing external access (access from outside to internal network) through SSL-VPN.
• Integrating Cisco ISE 2.3 with entire Access Switches and Wireless Controllers across the organization.
• Configuring Cisco ISE 2.3, creating policy sets with condition, requirements, posture policies and multiple identity groups for different set of end points.
• Protecting network access (WIRED and WIRELESS) aggressively and effectively with Cisco ISE. User’s computer cannot get network access unless it passes posture check and becomes COMPLAINT with certain conditions. The conditions mainly include Antivirus Definition Update and windows updates. Denying access by default for any external devices to the organization enterprise network.
• Provisioning GUEST internet access through Cisco ISE.
• Actively working with SOC to hunt for active threats and malicious activity within IT Network and OT and identifying possible attack vector.
• Proactively blocking indicators of compromise (IOCs).
• Ensuring computer systems are updated with latest antivirus definitions across the organization. Managing entire computer systems with required policies through McAfee ePO (ePolicy Orchestrator) Server.
• Ensuring secure email communication by implementing policies in Mail Gateway and Quarantining emails after stripping-off attachments with the unwanted extensions. Releasing the Quarantined Emails (with Service Request) as per business requirements.
• Integrating Symantec Mail Gateway with Advance Threat Protect (Sandboxing and Content Analysis System).
• Yearly Organizing external penetration testing, configuration review and Network Architecture review to find any potential gaps. Closing the gaps immediately after getting final reports.
• Maintained and supported Mobile Packet Backbone Network (MPBN) infrastructure for multiple clients across the globe.
• Configured multi-vendor and multi-platform routers, switches and firewalls which included Juniper Routers, Ericsson routers, Cisco routers and switches, Extreme switches, and Juniper Firewalls.
• Configured Routing Protocols which included BPG, OSPF and MPLS L3 VPN, MPLS L2 VPN and routing policies etc.
• Configured switching Protocols which included STP, RSTP, VTP etc.
• Configured Firewall rules as per required communications among the network elements.
• Troubleshooted network issues against the tickets raised by 1st level Assurance (or Front Office).
• Handled network down emergencies for various clients across the globe and provided resolution within stipulated SLA.
• Prepared used cases, knowledge base articles and troubleshooting steps to facilitate daily operational works.
• Prepared replica of client’s networks in Ericsson LAB to enhance and optimize client’s networks.
• Replicated client’s networks in Ericsson LAB to recreate/regenerate technical problems to perform root cause analysis.
• Reported bugs to engineering team based on the research and results collected in Ericsson LAB.
• Monitored the health of network devices and rectified the fault proactively; or replaced the faulty hardware through Return Management Authorization (RMA).
• Analysed network traffic and re-engineered network traffic flow to ensured optimal network operation.
• Acquired knowledge from KT (knowledge Transfer) from previous parties who were handling the manage services.
• Performed knowledge sharing within team in regular basis in order to adapt the frequent changes in the network.
• Worked in various projects across the globe. Those projects facilitated 2G, 3G and 4G networks expansion.
• Prepared, reviewed and updated HLD (High Level Design) and LLD (Low Level Design) for the networks of assigned projects.
• During project execution, performed site survey, assured hardware functionality, verified connectivity as per approved design, performed end-to-end configuration including internal and external routing protocols, ensured implementation of Ericsson standard solution for services integration, performed functional test for acceptance and final handover to managed services team.
• Participated in grabbing global opportunities (versatile projects) through internal assessments or internal interviews arranged by engagement lead.
• Created lead and opportunities by maximizing the technical performance during assigned overseas projects.
• Comprehended Ericsson ways of working, its business, its portfolio and offering. This was achieved while successfully preparing and passing Ericsson Internal Assessment Business Unit Global Services (BUGS) Exam.
JTAC Engineer on CSS Payroll.
• Handling technical calls against technical cases raised by global ISP (Internet Service Providers) and Corporates. ISP Customers include A&T, Nokia & Siemens, Ericsson, Saudi Telecom, Etisalat, British Telecom and Orange etc. While Corporate customers include Google, IBM, Infosys and Virtela etc.
• The technical cases had four major categories with respective service level agreements (SLAs). Priority 1 (Critical) cases had SLA of 4 hours, Priority 2 (High) cases had SLA of 24 hours, Priority 3 (Medium) cases had SLA of 3 days, and Priority 4 (Minor) cases had SLA of one week.
• Providing technical support for Juniper M Series, T Series and MX Series Routers. The Juniper routing platforms include M7i, M10i, M40e, M120, M320, MX80, MX480, MX960, T320, T640, T1600 etc.
• Performing live troubleshooting taking remote access to the Juniper Routing Platforms.
• Isolating the cause of the technical issues by analysing detailed logs and traces.
• Rectifying routing configuration if the issue is caused by misconfiguration or missing configuration.
• Replacing the hardware parts or chassis if the issue is caused by hardware fault. The hardware replacement is done through RMA process as per customer service contracts.
• Replicating customer networks in Juniper LAB and recreating/regenerating the technical problems to find the root cause of technical issues.
• Reporting bugs to the engineering team based on the results collected during LAB replication.
• Informing customer with bug fixes and providing Problem Report ID to track the corresponding fixes.
• Configuring network protocols. The protocols include BGP, MPLS L3 VPN, MPLS L2 VPN, VPLS, OSPF, IS-IS, RIP, Multicasting CGMP, IGMP, PIM (DM), PIM (SM), STP, RSTP and VTP etc.
• Generating network traffic with required protocols (BGP, OSPF, MPLS, Multicast etc) with traffic generator IXIA during LAB replication. The LAB consists all Juniper routing platforms (M7i, M10i, M40e, M120, M320, MX80, MX480, MX960, T320, T640, T1600 etc.).
• Using interpersonal skills apart from technical skills to ensure customer satisfaction as per organization expectation.
• Maintained Data Centre for Royal Commission Hospital.
• Analysed, Maintained and operated Network & Computer System Appliances.
• Interpreted Network System Appliances which included Routers, switches and firewalls.
• Upgraded Network Appliances and Computer System Software versions, performed configuration backup, analysed logs for Health Check-up.
• Troubleshooted several technical issues related to Network and Computer Systems.
• Reviewed Network Architecture and Recommended Standard Network Design.
• Configured Network and Computer System appliances, Created Firewall Policies.
• Installed & configured Network Switches & Routers. Maintained the Network for three clinics connected with Royal Commission Hospital.
• Handled tickets raised by helpdesk. Maintained user’s computer connectivity and provided seamless access to emails, internet, applications and other services.
• Managed Cisco ASA Network Firewall. Created access rules/policy as per the requirements.
• Managed Cisco 6509 series Core Switches. Troubleshooted Layer 2 protocol STP/RSTP which were used with Layer 2 switches.
• Project: Cisco Core Switch Replacement from Backbone Network.
Replaced Cisco Core Switch 6509 with Extreme 8810 Black Diamond and Extreme 8806 Black Diamond. Implemented the same configuration according to extreme switches as it was before with entire network operation. Updated High-level design (HLD) and Low-Level Design (LLD) for New Network Setup.
• Project: Fibre Optics implementation for the remote sites.
Site Survey and fibre optics termination according to the proposed design for complete interconnectivity. Connected the remote switches with Core Data Centre Switch (Extreme 8810 Black Diamond and Extreme 8806 Black Diamond) in Head Office through interconnected Fibre Optics. Changed the switch configuration to bring it online on new fibre optics connection. Disconnected the legacy connection from remote sites.
• Project: Wireless Network Expansion.
Carried out Campus Survey & performance testing of existing Wireless Network Elements. Prepared documentation for different scenarios with available equipment’s & with new material requirements. Accomplished the project for approved scenario. Devices used in the project are Cisco 1242 AG outdoor access points, Infinet Wireless Router (Wimax) for Backhaul Connection, BelAir Access Points and Cisco Wireless Controller 4400 series.
Job Responsibilities:
• Maintaining the Network Operation Center (NOC)
• Installing & Configuring the Switches & Routers.
• Member of OSS team for Vodafone, Kolkata
Projects undertaken:
• IP Planning for BSC Connectivity to O&M Network for Vodafone Kolkata.
• Configured, troubleshooted and supported Cisco devices (GSR-Cisco 12000 Series, Cisco 7513, Cisco 7200 series Routers, Cisco 6513, 3500, 2950 Switches).
• Handled tickets raised by the corporate customers.
• Coordinated with customers & resolved issues as per agreed Service Level Agreement (SLA).
• Handled appropriate network faults by doing follow-up and escalate to the next level.
• Maintained Metro-Ethernet Network on MPLS backbone consisting of Cisco 7609 and 7606 Boxes. This included health check-up, replacing faulty hardware units through RMA, securing configuration backup.
• Maintained Cisco GSR-12000 on the core. This included health check-up, replacing faulty hardware units through RMA, securing configuration backup.
• Proactively monitored entire IP Network including wireless networks MMDS and WIMAX.
• Captured network flow data to analyse network traffic and network bandwidth usage for multiple interfaces, isolated cause of the issues and performed break-fix, to make sure continuous stability and best network performance.
• Actively involved in day to day provisioning and assurance of Data Circuits for Corporate Customers in both IP and MPLS backbone.
• Weekly network performance and issue reporting.
• Implemented networking protocols MPLS (L3/L2 VPN), BGP, OSPF, EIGRP, RIP. These protocols were configured on various routers.
• Troubleshooted Layer 2 protocol STP/RSTP which were used with Layer 2 switches.
• Handled Project (Centralized Network Management System) responsibilities alongside above duties.
• Using the tool Cramer OSS Suite; and integrating entire IP Network elements to build the inventory of network infrastructure and configuration.
Key Highlights:
Accountable for doing coding for assigned module of any project.
Instrumental in doing connectivity with database (Oracle 8i).
Major Project Handled:
Campus Preparation Catalyst.
Hotel Management System.
Engineering Graduate: Computer Science and Engineering